DETAILED ACTION

1. Currently pending claims are 1-18.

Response to Arguments 

2. Applicant's arguments with respect to instant claims have been fully considered but are 
moot in view of the new ground(s) of rejection necessitated by Applicant's amendment. 



Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 
rejections set forth in this Office action: 

A person shall be entitled to a patent unless - 



(a) A patent may not be obtained though the invention is not identically disclosed or described as 
set forth in section 102 of this title, if the differences between the subject matter sought to be 
patented and the prior art are such that the subject matter as a whole would have been obvious 
at the time the invention was made to a person having ordinary skill in the art to which said 
subject matter pertains. Patentability shall not be negatived by the manner in which the invention 
was made. 



PART I



3. Claims 1 and 10 are rejected under 35 U.S.C. 103(a) as being unpatentable over Gai et 
al. (U.S. Patent 6,167,445), in view of Brustoloni (U.S. Patent 2003/0236999). 

As per claim 1 and 10, Gai teaches an apparatus for providing priority queuing to
packets at a network device in a communications network (Gai: Column 4 Line 14-20 and
Column 9 Line 36-47: priority queues are used for managing network congestion control), 
comprising: 

(i) a decision engine (Gai: Figure 5 / Element 512 and Column 10 Line 24 - 34: traffic 
management controller is qualified as a decision engine), at the network device, for receiving 
packets from the communications network and queuing each of the packets in a selected 
queue, wherein n queues having respective level of priority are available and n > 2 (Gai: Figure 
5 / Element 520, 522 & 532 and Column 10 Line 24 - 34 and Column 9 Line 41 - 43: multiple 
priority queues are used) in dependence upon a source address of the packet having a level of 
trust associated to the source address corresponding to the priority level of the selected queue 
(see Brustoloni below) & (Gai: Column 6 Line 27 - 30 / Line 48 - 57, Column 15 Line 50 - 54 
and Figure 7C / Element 742 & 746: classification rules are used to associate differentiated 
services (DS) or quality of service (QoS) with different priorities of traffic management that
corresponds QoS level to packets based on their source or destination addresses). 

(ii) a scheduler (Gai: Figure 5 / Element 522 Column 10 Line 27 - 34) for de-queuing 
packets from the queues for transmission to the network device wherein packets from the queue 
are de-queued at different rates depending according to the respective priorities of the n queues 
(Gai: Column 2 Line 54 - 57, Column 6 Line 27 - 30 / Line 48 - 57, Column 15 Line 50 - 54
and Figure 7C / Element 742 & 746: (a) priority queues are used to traverse the packets at 
different speeds into the network (b) classification rules are used to associate differentiated 
services (DS) or quality of service (QoS) with different priorities of traffic management that 
corresponds QoS level to packets based on their source or destination addresses) & (Brock: 
Para [0009], Para [0028], Para [0012] Line 5-7, Para [0015] Line 10-25 and Para [0032]: by 
monitoring the source address to prevent the denial of service attacks, a plurality of signature
tables are created and ranked (with different classifications) based on likelihood of occurrence 
of malicious source devices and a null signature is added into the signature tables 
corresponding to non-malicious devices indicating no threat to the protected device. 

However, Gai does not express explicitly whereby packets with source addresses 
recognized to be legitimate are serviced at a higher rate than packets with unknown source 
address or whose legitimacy is still to be proven. 

Brustoloni teaches whereby packets with source addresses recognized to be legitimate 
are serviced at a higher rate than packets with unknown source address or whose legitimacy is 
still to be proven (Brustoloni: Para [0011] - [0012]: different service class (i.e. privileged or
unprivileged class of service) is assigned to the packets based upon whether the source 
address can be recognized to be legitimate (i.e. trusted) or whose legitimacy is still to be proven 
(i.e. untrusted)). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Brustoloni within the system of Gai because (a) 
Gai teaches providing a mechanism to effectively allocate network resources and services when 
greater demands are being placed on the TCP-based network by using classification rules to 
associate different ranking (i.e. different classifications) that corresponds QoS level (i.e. class of 
services) to packets based on their source or destination addresses for intrusion detection 
systems (Gai: Column 5 Line 29 - 33, Column 6 Line 27 - 30 / Line 48 - 57, Column 15 Line 50 
- 54 and Figure 7C / Element 742 & 746) and (b) Brustoloni teaches different service class (i.e. 
privileged or unprivileged class of service) is assigned to the packets based upon whether the 
source address can be recognized to be legitimate (i.e. trusted) or whose legitimacy is still to be 
proven (i.e. untrusted) (Brustoloni: Para [0011] - [0012]).

PART II

4. Claims 1 - 18 are rejected under 35 U.S.C. 103(a) as being unpatentable over Gai et al. 
(U.S. Patent 6,167,445), in view of Brock et al. (U.S. Patent 2003/0110393).

As per claim 1 and 10, Gai teaches an apparatus for providing priority queuing to 
packets at a network device in a communications network (Gai: Column 4 Line 14-20 and 
Column 9 Line 36 - 47: priority queues are used for managing network congestion control), 
comprising: 

(i) a decision engine (Gai: Figure 5 / Element 512 and Column 10 Line 24 - 34: traffic 
management controller is qualified as a decision engine), at the network device, for receiving 
packets from the communications network and queuing each of the packets in a selected 
queue, wherein n queues having respective level of priority are available and n > 2 (Gai: Figure 
5 / Element 520, 522 & 532 and Column 10 Line 24 - 34 and Column 9 Line 41 - 43: multiple 
priority queues are used) in dependence upon a source address of the packet (Gai: Column 6 
Line 27 - 30 / Line 48 - 57, Column 15 Line 50 - 54 and Figure 7C / Element 742 & 746: 
classification rules are used to associate differentiated services (DS) or quality of service (QoS) 
with different priorities of traffic management that corresponds QoS level to packets based on 
their source or destination addresses). 

However, Gai does not expressly explicitly in dependence upon a source address of the 
packet having a level of trust associated to the source address corresponding to the priority 
level of the selected queue. 

Brock (combined with Gai) teaches in dependence upon a source address of the packet 
having a level of trust associated to the source address corresponding to the priority level of the 
selected queue ((a) Brock: Para [0009], Para [0028], Para [0012] Line 5-7, Para [0015] Line
10-25 and Para [0032]: by monitoring the source address to prevent the denial of service 
attacks, a plurality of signature tables are created and ranked (with different classifications) 
based on likelihood of occurrence of malicious source devices and a null signature is added into 
the signature tables corresponding to non-malicious devices indicating no threat to the protected 
device and (b) Gai: Column 6 Line 27 - 30 / Line 48 - 57, Column 15 Line 50 - 54 and Figure 
7C / Element 742 & 746: Gai teaches classification rules are used to associate different ranking 
(i.e. different classifications) with different priorities of queues that corresponds QoS level to 
packets based on their source addresses and thereby obviously, each of the n queues has an 
associated table with source addresses). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Brock within the system of Gai because (a) Gai 
teaches providing a mechanism to effectively allocate network resources and services when 
greater demands are being placed on the TCP-based network by using classification rules to
associate different ranking (i.e. different classifications) that corresponds QoS level to packets 
based on their source or destination addresses for intrusion detection systems (Gai: Column 5 
Line 29 - 33, Column 6 Line 27 - 30 / Line 48 - 57, Column 15 Line 50 - 54 and Figure 7C / 
Element 742 & 746) and (b) Brock teaches maximizing efficiency, in a denial of service 
prevention system, by monitoring the source address to prevent the denial of service attacks, a 
plurality of signature tables are created and ranked (with different classifications) based on
likelihood of occurrence of malicious source devices and a null signature is added into the 
signature tables corresponding to non-malicious devices indicating no threat to the protected 
device because the vast majority of system events may pose no threat to the protected device 
so that the system latency can be significantly decreased (Brock: Para [0012] Line 1 - 7, Para
[0009], Para [0028], Para [0012] Line 5-7, Para [0015] Line 10 - 25 and Para [0032]). 

(ii) a scheduler (Gai: Figure 5 / Element 522 Column 10 Line 27 - 34) for de-queuing 
packets from the queues for transmission to the network device wherein packets from the queue 
are de-queued at different rates depending according to the respective priorities of the n 
queues, whereby packets with source addresses recognized to be legitimate are serviced at a 
higher rate than packets with unknown source address or whose legitimacy is still to be proven 
(Gai: Column 2 Line 54 - 57, Column 6 Line 27 - 30 / Line 48 - 57, Column 15 Line 50 - 54 
and Figure 7C / Element 742 & 746: (a) priority queues are used to traverse the packets at 
different speeds into the network (b) classification rules are used to associate differentiated 
services (DS) or quality of service (QoS) with different priorities of traffic management that 
corresponds QoS level to packets based on their source or destination addresses) & (Brock: 
Para [0009], Para [0028], Para [0012] Line 5-7, Para [0015] Line 10-25 and Para [0032]: by
monitoring the source address to prevent the denial of service attacks, a plurality of signature 
tables are created and ranked (with different classifications) based on likelihood of occurrence 
of malicious source devices and a null signature is added into the signature tables 
corresponding to non-malicious devices indicating no threat to the protected device. 

As per claim 2 and 11, Gai as modified teaches the network device is a local area
network (LAN) (Gai: Column 1 Line 29 - 40). 

As per claim 3 and 12, Gai as modified teaches each of said n queues has an 
associated classification of ranking with the source address of packets (Gai: Column 15 Line 50 
- 54 and Figure 7C / Element 742 & 746, Column 6 Line 27 - 30 / Line 48 - 57) each of said n 



Application/Control Number: Page 8 

10/712,103 

Art Unit: 2131 

queues has an associated table with source addresses ((a) Brock: Para [0009], Para [0028], 
Para [0012] Line 5-7, Para [0015] Line 10-25 and Para [0032]: by monitoring the source
address to prevent the denial of service attacks, a plurality of signature tables are created and 
ranked (with different classifications) based on likelihood of occurrence of malicious source 
devices and a null signature is added into the signature tables corresponding to non-malicious 
devices indicating no threat to the protected device and (b) Gai: Column 6 Line 27 - 30 / Line 48 
- 57, Column 15 Line 50 - 54 and Figure 7C / Element 742 & 746: Gai teaches classification 
rules are used to associate different ranking (i.e. different classifications) with different priorities 
of queues that corresponds QoS level to packets based on their source addresses and thereby 
obviously, each of the n queues has an associated table with source addresses). 

As per claim 4 and 13, Gai as modified teaches said n associated tables have relative 
priority levels ranging from legitimate to unknown (Brock: Para [0032], Para [0015] Line 10-25, 
Para [0009] and Para [0028] Line 11 - 14 & Gai: Figure 7C / Element 742 & 746: monitoring the
source address and creating a friend / good signature table corresponding to non-malicious 
devices with null signature indicating no threat to the protected device (considered as legitimate 
source ranking) and the source addresses to be blocked or filtered with least ranking of trusts 
are considered as an unknown / unauthorized source ranking). 

As per claim 5 and 14, Gai as modified teaches certain legitimate source addresses can 
be pre-provisioned into the different tables according to their relative priorities (Brock: Para 
[00031] Line 5-11, Para [0009] and Para [0028] Line 11 - 14 & Gai: Figure 7C / Element 742
& 746: pre-provisioned into different signature tables by the 3rd party of manufacturer).

As per claim 6 and 15, Gai as modified teaches means to count source addresses and
to place source addresses in a table having a legitimate classification after receiving N packets 
with the same source address, where N is a positive integer (Brock: Para [0015] Line 4-20 and 
Para [0009]: the source device does not pose threat to the protected device is added into the 
signature table and the occurrence data N must be positive (i.e. at least occur once) to meet the 
claim language). 

As per claim 8 and 17, Gai as modified teaches the decision engine is operable to
remove entries from the tables in accordance with the time that each of the entries has existed 
in those tables (Brock: Para [0015], Page 2, Right Column, Line 4 - 10: a null signature (i.e. an 
associated good / friend source device) may be removed after the expiration of a predetermined 
interval of time during which the associated signature event has not been detected, or after 
simply after a predetermined time). 

As per claim 9 and 18, Gai as modified teaches the decision engine is operable to 
discard packets from the queues in accordance with a RED (Random Early Drop) algorithm 
(Gai: Column 4 Line 35 - 40). 

5. Claims 7 and 16 are rejected under 35 U.S.C. 103(a) as being unpatentable over Gai et 
al. (U.S. Patent 6,167,445), in view of Brock et al. (U.S. Patent 2003/0110393), and in view of
Devarakonda et al. (U.S. Patent 2001/0052024). 

As per claim 7 and 16, Gai teaches each of said n queues has an associated 
classification of ranking with the destination address (besides the source address) of packets 
(Gai: Column 15 Line 50 - 54 and Figure 7C / Element 742 & 746, Column 6 Line 27 - 30 / Line 
48 - 57). However, Gai does not disclose expressly an outgoing packet monitor to recognize
TCP FIN packets and to instruct the decision engine to update the priority of the destination
address of these TCP FIN packets and to put these addresses into the appropriate tables.

Devarakonda teaches an outgoing packet monitor to recognize TCP FIN packets and to 
instruct the decision engine to update the priority of the destination address of these TCP FIN 
packets and to put these addresses into the appropriate tables ((a) Devarakonda: Para [0026] 
Line 4 - 9 and Para [0027] Line 1 - 3: an affinity table (i.e. good table) is maintained upon the 
TCP FIN packet indicating the connection is closed and the affinity table includes the client, 
proxy, and the server node IP address (obviously including source and destination addresses) 
and (b) Gai: Column 15 Line 50 - 54, Column 6 Line 27 - 30 / Line 48 - 57 and Figure 7C / 
Element 742 & 746: Gai teaches classification rules are used to associate different ranking (i.e. 
different classifications) with different priorities of queues that corresponds QoS level to packets 
based on their destination addresses and thereby obviously, an outgoing packet monitor to 
recognize TCP FIN packets and to instruct the decision engine to update the priority of the 
destination address of these TCP FIN packets and to put these addresses into the appropriate 
tables). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Devarakonda within the system of Gai because 
(a) Gai teaches providing a mechanism to effectively allocate network resources and services 
when greater demands are being placed on the TCP-based network by using classification rules 
to associate different ranking (i.e. different classifications) that corresponds QoS level to 
packets based on their source or destination addresses for intrusion detection systems (Gai: 
Column 5 Line 29 - 33, Column 6 Line 27 - 30 / Line 48 - 57, Column 15 Line 50 - 54 and 
Figure 7C / Element 742 & 746) and (b) Devarakonda teaches improving efficiency, in a
TCP-based routing network, by providing an affinity table (i.e. good table) is maintained upon the
TCP FIN packet indicating the connection is closed and the affinity table includes the client, 
proxy, and the server node IP address (obviously including source and destination addresses) 
so that the overhead for affinity routing and load balancing can be minimized (Devarakonda: 
Para [0020], Para [0026] Line 4 - 9 and Para [0027] Line 1 - 3). 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant 
is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Longbit Chai whose telephone number is 571-272-3788. The examiner 
can normally be reached on Monday-Friday 9:00am-5:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you 
would like assistance from a USPTO Customer Service Representative or access to the 
automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 